Az - Logic Apps

Basic Information

Azure Logic Apps is a cloud-based service provided by Microsoft Azure that enables developers to create and run workflows that integrate various services, data sources, and applications. These workflows are designed to automate business processes, orchestrate tasks, and perform data integrations across different platforms.

Logic Apps provides a visual designer for creating workflows, along with a wide range of pre-built connectors that make it easy to connect to and interact with services such as Office 365, Dynamics CRM, Salesforce, and many others. You can also create custom connectors for your specific needs.

When you create a Logic App, you must create or link an external storage account that stores the workflow state, run history, and artifacts. This storage can be configured with diagnostic settings for monitoring, and it can be secured with network access restrictions or integrated into a virtual network to control inbound and outbound traffic.

Examples

  • Automating Data Pipelines: Logic Apps can automate data transfer and transformation processes in combination with Azure Data Factory. This is useful for building scalable and reliable data pipelines that move and transform data between data stores such as Azure SQL Database and Azure Blob Storage, supporting analytics and business intelligence operations.
  • Integrating with Azure Functions: Logic Apps can work alongside Azure Functions to build sophisticated, event-driven applications that scale as needed and integrate easily with other Azure services. An example use case is using a Logic App to trigger an Azure Function in response to certain events, such as changes in an Azure Storage account, allowing dynamic data processing.

Visualize a Logic App

It is possible to view a Logic App graphically, or to inspect its code in the "Logic app code view" section.

SSRF Protection

Even if you find a Logic App vulnerable to SSRF, you won't be able to obtain credentials from the metadata endpoint, because Logic Apps does not allow it.

For example, something like this won't return a token:

bash
# The URL belongs to a Logic App vulnerable to SSRF
curl -XPOST 'https://prod-44.westus.logic.azure.com:443/workflows/2d8de4be6e974123adf0b98159966644/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=_8_oqqsCXc0u2c7hNjtSZmT0uM4Xi3hktw6Uze0O34s' -d '{"url": "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/"}' -H "Content-type: application/json" -v

Hosting options

There are several hosting options:

  • Consumption
      • Multi-tenant: provides shared compute resources, operates in the public cloud, and follows a pay-per-operation pricing model. This is ideal for lightweight and cost-effective workloads. This deploys a "Single Workflow".
  • Standard
      • Workflow Service Plan: dedicated compute resources with VNET integration for networking, billed per workflow service plan instance. It is suitable for more demanding workloads that require greater control.
      • App Service Environment V3: dedicated compute resources with full isolation and scalability. It also integrates with VNET for networking and uses a pricing model based on App Service instances within the environment.
      • Hybrid: designed for local processing and multi-cloud support. It allows customer-managed compute resources with local network access and uses Kubernetes Event-Driven Autoscaling (KEDA). It relies on a Container App Environment.

Key Features

  • Storage: Logic Apps require an external Azure Storage account to store workflow state, run history… and it must be in the same resource group as the Logic App.
  • Networking & Security: Logic Apps can be configured with public or private access. By default, the app is open to the internet, but it can be integrated with an Azure Virtual Network for isolated connectivity.
  • Application Insights: Application Performance Management (APM) through Azure Monitor Application Insights can be enabled to track performance, detect anomalies, and provide analytics.
  • Access Control: Logic Apps support System Managed Identities & User Managed Identities.

"Single" Workflows

A workflow is a structured sequence of automated steps or tasks that carry out a specific process or objective. It defines how different actions, conditions, and decisions interact to achieve a desired outcome, streamlining operations and reducing manual effort. Workflows can integrate multiple systems, trigger events, and rules, ensuring consistency and efficiency in processes.

Azure Logic Apps offers the ability to create a single workflow without needing a Logic App itself.

Each workflow has different triggers. These triggers are the steps that the workflow follows. Each trigger has its own parameters, which can vary depending on the type of trigger:

  • Connection name
  • Authentication Type, which can be Access Key, Microsoft Entra ID, Integrated Service principal authentication, or Logic Apps Managed Identity.

Triggers also have various settings:

  • Schema Validation: Ensures that incoming data follows a predefined structure.
  • Concurrency Control: Limits the number of parallel runs.
  • Trigger Conditions: Conditions that must be met before the trigger fires.
  • Networking: Configures the chunk size for data transfer and allows suppressing workflow headers in responses.
  • Security: Enables Secure Inputs/Outputs to hide sensitive data in logs and outputs.

Settings & API Connections:

A workflow has different settings, such as:

  • Allowed inbound IP addresses: This setting lets you restrict who can trigger or start your Logic App. The options are Any IP, Only other Logic Apps, and Specific IP ranges.
  • Integration account: Here, you can link your Logic App to an Integration Account.
  • High throughput: This setting allows your Logic App to handle more requests quickly.
  • Run history retention: How long the execution history of your Logic App is kept.

You can see the different API connections the workflow has. Each of these connections has its own properties and can be edited, including changing the Authentication type.

History & Versions: There is an option to access the history of the different executions, which shows Settings, Outputs, Parameters, and Code.

There is also an option to access the different versions of the workflow, where you can inspect the code and replace the current workflow with an older version of it.

Authorization: Azure Logic Apps supports authorization policies with Entra ID to protect request-based triggers by requiring a valid access token. This token must include specific claims:

  • Issuer (iss) to verify the identity provider
  • Audience (aud) to ensure the token is intended for the Logic App
  • Subject (sub) to identify the caller
  • JWT ID (JSON Web Token identifier)
  • Custom Claim

When a request is received, Logic Apps validates the token against these claims and allows execution only if they match the configured policy. This can be used to allow another tenant to trigger the workflow or to deny triggers from other sources, for example allowing the trigger only if it comes from https://login.microsoftonline.com/.
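The trigger settings above (allowed inbound IPs, Entra ID authorization policy, Secure Inputs/Outputs) can be reviewed from the workflow's JSON. The following audit is an added example, not code from the original page; it assumes the ARM property names `accessControl.triggers.allowedCallerIpAddresses`, `openAuthenticationPolicies` and `runtimeConfiguration.secureData`, and the sample resources and the choice to require `iss` and `aud` are constructed for illustration.

```python
# Constructed workflow resources shaped like ARM JSON for Microsoft.Logic/workflows.
# Names, tenant and audience values are placeholders, not taken from the page.
HARDENED = {"properties": {
    "accessControl": {"triggers": {
        "allowedCallerIpAddresses": [{"addressRange": "203.0.113.0/24"}],
        "openAuthenticationPolicies": {"policies": {"only-my-tenant": {
            "type": "AAD",
            "claims": [{"name": "iss", "value": "https://login.microsoftonline.com/<tenant-id>/v2.0"},
                       {"name": "aud", "value": "<app-id-uri>"}]}}}}},
    "definition": {"triggers": {"manual": {
        "type": "Request", "kind": "Http",
        "runtimeConfiguration": {"secureData": {"properties": ["inputs", "outputs"]}}}}}}}
# The same request trigger with no access control configured.
OPEN = {"properties": {"definition": {"triggers": {"manual": {"type": "Request", "kind": "Http"}}}}}


def audit(workflow):
    """Return hardening findings for one workflow resource (empty list = none)."""
    props = workflow.get("properties", workflow)  # tolerate flattened CLI output
    acl = (props.get("accessControl") or {}).get("triggers") or {}
    triggers = (props.get("definition") or {}).get("triggers") or {}
    findings = []
    for name, trig in triggers.items():
        if trig.get("type") != "Request":
            continue
        # Key absent = any IP; an empty list means "only other Logic Apps".
        if "allowedCallerIpAddresses" not in acl:
            findings.append(f"{name}: callable from any IP")
        policies = (acl.get("openAuthenticationPolicies") or {}).get("policies") or {}
        if not policies:
            findings.append(f"{name}: no Entra ID policy, the SAS URL is the only control")
        for pname, policy in policies.items():
            pinned = {c.get("name") for c in policy.get("claims", [])}
            for claim in ("iss", "aud"):  # this example's minimum, an assumption
                if claim not in pinned:
                    findings.append(f"{name}: policy {pname} does not pin {claim}")
        secured = (trig.get("runtimeConfiguration") or {}).get("secureData", {}).get("properties", [])
        if not {"inputs", "outputs"} <= set(secured):
            findings.append(f"{name}: inputs/outputs visible in run history")
    return findings


if __name__ == "__main__":
    for label, wf in (("hardened", HARDENED), ("open", OPEN)):
        print(label, audit(wf) or "no findings")
```
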

Access Keys: When you save a request-based trigger for the first time, Logic Apps automatically creates a unique endpoint with a SAS signature (created from the Access Key) that grants permission to call the workflow. This SAS signature is embedded in the trigger's URL. The key can be regenerated, which produces a new SAS signature, but the keys cannot be listed.

The URL to invoke a workflow with the Access Key:

https://<region>.logic.azure.com:443/workflows/<workflow-id>/triggers/<trigger-name>/paths/invoke?api-version=<api-version>&sp=%2Ftriggers%2F<trigger-name>%2Frun&sv=<version>&sig=<signature>
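Because the `sig` parameter in this URL is the credential, a trigger URL that ends up in logs, tickets or repositories should be treated as a leaked secret and the Access Key regenerated. The scanner below is an added example, not part of the original page; it finds such URLs in text and redacts only the signature, and the log lines, workflow ID and signature in it are constructed.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Shape of a request-trigger callback URL as shown above.
CALLBACK_RE = re.compile(
    r"https://[\w.-]+\.logic\.azure\.com(?::443)?/workflows/[0-9a-fA-F]+"
    r"/triggers/[^/\s]+/paths/invoke\?[^\s'\"<>]+")

# Constructed log lines; the workflow ID and signature are not real.
SAMPLE_LOG = """\
2024-01-01T00:00:00Z POST https://prod-00.westus.logic.azure.com:443/workflows/0123456789abcdef0123456789abcdef/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=CONSTRUCTED-not-a-real-signature 202
2024-01-01T00:00:01Z GET https://management.azure.com/subscriptions/<sub>/providers/Microsoft.Logic/workflows 200
"""


def redact(url):
    """Replace the value of the sig parameter, keeping every other part of the URL."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "sig" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def scan(text):
    """Return (workflow_id, redacted_url) for each callback URL that carries a sig."""
    hits = []
    for match in CALLBACK_RE.finditer(text):
        url = match.group(0)
        if "sig" in dict(parse_qsl(urlsplit(url).query)):
            workflow_id = url.split("/workflows/")[1].split("/")[0]
            hits.append((workflow_id, redact(url)))
    return hits


if __name__ == "__main__":
    for workflow_id, safe_url in scan(SAMPLE_LOG):
        print(f"leaked trigger URL for workflow {workflow_id}: {safe_url}")
```
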

Enumeration

bash
# List
az logic workflow list --resource-group <ResourceGroupName>
# Get info
az logic workflow show --name <LogicAppName> --resource-group <ResourceGroupName>

# Get details of a specific Logic App workflow, including its connections and parameters
az rest \
--method GET \
--uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}?api-version=2016-10-01&\$expand=connections.json,parameters.json" \
--headers "Content-Type=application/json"

# Get details about triggers for a specific Logic App
az rest --method GET \
--uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{logicAppName}/triggers?api-version=2016-06-01"

# Get the callback URL for a specific trigger in a Logic App
az rest --method POST \
--uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{logicAppName}/triggers/{triggerName}/listCallbackUrl?api-version=2016-06-01"

# Get the history of a specific trigger in a Logic App
az rest --method GET \
--uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{logicAppName}/triggers/{triggerName}/histories?api-version=2016-06-01"

# List all runs of a specific Logic App workflow
az rest \
--method GET \
--uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}/runs?api-version=2016-06-01" \
--headers "Content-Type=application/json"

# Get all actions within a specific run of a Logic App workflow
az rest \
--method GET \
--uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}/runs/{runName}/actions?api-version=2016-06-01" \
--headers "Content-Type=application/json"

# List all versions of a specific Logic App workflow
az rest \
--method GET \
--uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}/versions?api-version=2016-06-01" \
--headers "Content-Type=application/json"

# Get details of a specific version of a Logic App workflow
az rest \
--method GET \
--uri "https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Logic/workflows/{workflowName}/versions/{versionName}?api-version=2016-06-01" \
--headers "Content-Type=application/json"

# List all Logic Apps in the specified resource group
az logicapp list --resource-group <ResourceGroupName>

# Show detailed information about a specific Logic App
az logicapp show --name <LogicAppName> --resource-group <ResourceGroupName>

# List all application settings for a specific Logic App
az logicapp config appsettings list --name <LogicAppName> --resource-group <ResourceGroupName>

# Get the parameters.json file of a Logic App (App Service site) using the Azure REST API
az rest --method GET --url "https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/Microsoft.Web/sites/{app-service-name}/hostruntime/admin/vfs/parameters.json?api-version=2018-11-01&relativepath=1"

# Get webhook-triggered workflows from an Azure Logic App using Azure REST API
az rest --method GET --url "https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/Microsoft.Web/sites/{logic-app-name}/hostruntime/runtime/webhooks/workflow/api/management/workflows?api-version=2018-11-01"

# Get workflows from an Azure Logic App using Azure REST API
az rest --method GET --url "https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/Microsoft.Web/sites/{logic-app-name}/workflows?api-version=2018-11-01"

# Get details of a specific workflow including its connections and parameters in Azure Logic Apps using Azure REST API
az rest --method GET --uri "https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/Microsoft.Web/sites/{logic-app-name}/workflows/{workflow-name}?api-version=2018-11-01&\$expand=connections.json,parameters.json"


Integration Accounts

Integration Accounts are a feature of Azure Logic Apps. They are used to facilitate enterprise-level integrations by enabling advanced B2B capabilities, such as EDI, AS2, and XML schema management. Integration Accounts are containers in Azure that store the following artifacts used by Logic Apps:

  • Schemas: Manage XML schemas for validating and processing messages in your integration account.
  • Maps: Configure XSLT-based transformations to convert data formats within your integration workflows.
  • Assemblies: Manage integration account assemblies to streamline logic and data processing.
  • Certificates: Handle certificates for encrypting and signing messages, ensuring secure communication.
  • Partners: Manage trading partner information for B2B transactions, enabling seamless integrations.
  • Agreements: Configure rules and settings for exchanging data with trading partners (e.g., EDI, AS2).
  • Batch Configurations: Manage batch processing configurations to group and process messages efficiently.
  • RosettaNet PIP: Configure RosettaNet Partner Interface Processes (PIPs) for standardizing B2B communication.

Enumeration

bash
# Integration account
az logic integration-account list --resource-group <resource-group-name>
az logic integration-account show --resource-group <resource-group-name> --name <integration-account-name>
az logic integration-account list-callback-url --resource-group <resource-group-name> --integration-account-name <integration-account-name>

# Batch-configuration
az logic integration-account batch-configuration list \
--resource-group <resource-group-name> \
--integration-account-name <integration-account-name>

az logic integration-account batch-configuration show \
--resource-group <resource-group-name> \
--integration-account-name <integration-account-name> \
--batch-configuration-name <batch-configuration-name>

# Map
az logic integration-account map list \
--resource-group <resource-group-name> \
--integration-account <integration-account-name>

az logic integration-account map show \
--resource-group <resource-group-name> \
--integration-account <integration-account-name> \
--map-name <map-name>

# Partner
az logic integration-account partner list \
--resource-group <resource-group-name> \
--integration-account <integration-account-name>

az logic integration-account partner show \
--resource-group <resource-group-name> \
--integration-account <integration-account-name> \
--name <partner-name>

# Session
az logic integration-account session list \
--resource-group <resource-group-name> \
--integration-account <integration-account-name>

az logic integration-account session show \
--resource-group <resource-group-name> \
--integration-account <integration-account-name> \
--name <session-name>

# Assembly
az logic integration-account assembly list \
--resource-group <resource-group-name> \
--integration-account <integration-account-name>

az logic integration-account assembly show \
--resource-group <resource-group-name> \
--integration-account <integration-account-name> \
--assembly-artifact-name <assembly-name>


Privilege Escalation

Same as Logic Apps privesc:

Az - Logic Apps Privesc

Post Exploitation

Az - Logic Apps Post Exploitation
